Election Security Remains Just as Vulnerable as in 2016

Election Security Remains Just as Vulnerable as in 2016

The ability to vote for local, state, and federal representatives is the cornerstone of democracy in America. With mid-term congressional elections looming in early November, many voices have raised concerns that the voting infrastructure used by states across the Union might be suspect, unreliable, or potentially vulnerable to attacks. As Congress considers measures critical to consumer rights and the functioning of technology (net neutrality, data privacy, biometric identification, and surveillance), ensuring the integrity of elections has emerged as a matter of crucial importance.

With mid-term elections in just two months, Secretaries of State should be pressed to do their jobs and increase security before voters cast their ballots.

On the one hand, the right to vote may not be guaranteed for many people across the country. Historically, access to the ballot has been hard fought, from the Revolution and the Civil War to the movement for civil rights that compelled the Voting Rights Act (VRA). But recent restrictions on voting rights that have proliferated since the Supreme Court struck down the VRA’s pre-clearance provisions in 2013. Coupled with procedural impediments to voting, unresolved problems continue to plague the security of the technology that many voting precincts use in elections. With mid-term elections in just two months, Secretaries of State should be pressed to do their jobs and increase security before voters cast their ballots.

An individual’s experience at the ballot box varies widely across the country. States administer local and national elections, and individual precincts may provide a variety of different ways to vote depending on state rules and funding. In states like Oregon, every eligible voter is mailed a ballot, which they are encouraged to return. In the District of Columbia, voters have the option to choose between casting their vote on a paper ballot that is read by an optical scanner or voting at an electronic voting machine.

But in Georgia, Louisiana, Delaware, New Jersey, and South Carolina, voters can only use an electronic voting machine. That may seem problematic in the abstract, but in these states voters never even receive a receipt that allows them—or election auditors—to check to make sure the machine is calibrated correctly and recorded the right vote. And once votes are cast, states use different infrastructure to tally and analyze the vote and decide the election.

Investigations into the 2016 Presidential election and Russian interference show that foreign governments and malicious online actors are probing many vulnerabilities within U.S. elections. Whether their goals are to shape the outcome, or simply to cause turmoil, they warrant attention and a serious attempt to secure the election from interference.

Security Flaws in Voting Machines

The evidence is clear: there are numerous ways to exploit and tamper with voting machines currently in use in the United States.

At this year’s DEF CON, an annual security research conference, researchers evaluated a voting machine that’s used in 18 different states. They demonstrated how easy it is to gain administrative access, which lets someone change settings—or even the ballot—in under two minutes. The researchers concluded that because it takes the average voter about 6 minutes to cast a vote “This indicates one could realistically hack a voting machine in the polling place on Election Day within the time it takes to vote.” Another participant turned the voting machine into a jukebox in just a few hours.

DEF CON’s “Voting Village” includes electronic voting machines marketed to state election officials in the mid-2000s and in use today, which the organizers were able to buy on eBay. They also tested ballot counting equipment used across the country states, finding that:

“A voting tabulator that is currently used in 23 states is vulnerable to be remotely hacked via a network attack. Because the device in question is a high-speed unit designed to process a high volume of ballots for an entire county, ​hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election​.”

Voting equipment manufacturers have tried to undermine the credibility of these election security researchers, even suggesting that some may be foreign spies. Fortunately, Senators have rebuked this attack on security researchers investigating electronic voting machines saying, “We are disheartened that ES&S chose to dismiss these demonstrations as unrealistic and that your company is not supportive of independent testing.”

A congressional working group corroborated security researchers’ findings last January. The working group concluded that election infrastructure is largely insecure across the country. One of the group’s main recommendations was to replace outdated voting machines with paper ballots, which are regarded as the most secure way to cast a vote. The group outlined a number of further security concerns affecting voting machines, including:

42 states using machines 10 years or older, which are susceptible to vote flipping (recording the opposite candidate) and crashing,

At least ten states using machines that provide no paper record or receipt for voters to ensure that the right choices were cast

Including software or hardware that allows for internet connection, even if it is not used by poll workers,

And using removable memory cards or USB ports which allows an attacker to physically access the machine, and runs the risk of memory cards being programmed incorrectly by third-party companies.

And the National Academies of Sciences and Engineering just released a report recommending that “Every effort should be made to use human-readable paper ballots in the 2018 federal election. All local, state, and federal elections should be conducted using human-readable paper ballots by the 2020 presidential election.”

Auditing Voting Results

In order to know if a polling station or even state’s votes are accurate and there hasn’t been a security breach, states must check the vote. Paper ballots provide a record that auditors can check against, and risk limiting audits provide an easy procedure for states to verify voter tallies.

Risk limiting audits are designed so that state election auditors hand-count a small percentage of the total votes cast, with the percentage changing based on how close an election is predicted to be. For the 2016 Presidential election, researcher Ron Rivest calculated that Michigan, if it had risk limiting audits, could have counted just 11% of the ballots and achieved a 95% chance of spotting an incorrect result. Texas and Missouri, with their wider margins, could have counted 700 ballots and 10 ballots, respectively, to achieve the same confidence.

Currently, 33 states require post-election audits, but many election experts note that the methods used are not sufficient to actually determine whether a vote has been tampered with. Only New Mexico and Colorado use risk limiting audits, but Rhode Island will begin using them in this year’s midterms. Other states should consider matching these best practices to increase the reliability of their elections.

Attacks on State Infrastructure

The investigation into Russian-backed hacking and interference with the 2016 Presidential election shows just how susceptible state election systems (not just the voting equipment) are to outside interference. Special Counsel Robert Mueller’s indictment of 12 Russian Intelligence Operatives details how Russian GRU officers researched state election board domains, hacked into the website of one of the state election boards and stole information about 500,000 voters, and also hacked into computers of a company that supplied software used to verify voter registration information.

“The Russian government directed efforts to target voting systems in 21 states prior to the 2016 election. Although there is no evidence of the attacks altering the vote count, Kremlin hackers were able to breach at least two states’ voter registration databases. Russia’s appetite for undermining confidence in western democratic institutions – by disenfranchising voters or calling into question the integrity of election administration by altering voter information – is only growing stronger.”

Some states have done very little to actually secure their citizen’s data and votes. A federal lawsuit is now challenging Georgia’s security practices, including allowing the records of more than 6 million registered Georgia voters, password files, and encryption keys to be accessed online by anyone with the right website address. The District Judge found that there is not enough time to enforce the use of paper ballots before the election without causing a disruption to the November election, but argued that the case should proceed to briefing because of “democracy’s critical need for transparent, fair, accurate and verifiable election processes that guarantee each citizen’s fundamental right to cast an accountable vote.”

Politics of Do-Nothing

With the overwhelming evidence that elections in the United States are insecure, one large question remains: Why hasn’t Congress stepped in?

There have been efforts over the past two years to increase funding for election security and even mandate paper ballots and risk limiting audits, the industry gold standard. A bi-partisan group of Senators put forward the Secure Elections Act, which originally included provisions tying funding to paper ballots and risk limiting audits, before being watered down and eventually postponed. Senator Wyden (D-OR) has also authored the Protecting America Votes and Elections Act, which requires all states to implement these recommendations from security researchers.

But special interests continue to get in the way.

First, electronic voting machine manufacturers continue to lobby Congress and state governments to encourage the use of their machines, even for models which pose significant security concerns by failing to provide paper records. When Congress begins to move forward on election security provisions, states then push back saying that the proposals are not only burdensome but exceed federal authority in elections. In response to the proposed Secure Elections Act, states lobbied so vigorously that the White House intervened and killed the bill because it violated the “principles of Federalism.” It is disturbing (as well as potentially self-defeating) that some of the Secretaries of State blocking federal efforts to secure elections are now running for higher office.

Congress has allocated $380 million for states to apply for grants to increase their election infrastructure, but states did not begin receiving the funds until this summer, calling into question whether states will actually be able to purchase new equipment, update software, redesign election website security as their grant proposals lay out.

President Trump recently signed an executive order creating a system to impose sanctions on anyone who interferes with U.S. elections at his discretion, which may be the strongest deterrent in preventing foreign interference in this year’s midterms. But Senators on both sides of the aisle say that this order targeting individuals is not enough; instead, state sanctions should be mandatory and Congress should continue to push for legislation to “beef up our election security and prevent future attacks.”

You Should Still Vote

The beauty of locally administered elections is that people have the ability to demand that local officials protect the vote and enact much-called-for security reform. In each state, you can push for your Secretary of State and state legislature to enact risk limiting audits. In states with no paper trail, you can push for paper ballots or, at the least, machines that provide receipts. And if you support a federal baseline to ensure the minimum security requirements suggested by researchers (paper ballots and risk limiting audits), tell your Congressperson.

Voting may be a constitutional right, but it’s time for Congress and state governments to make it a funding necessity.

Sen. Ron Wyden’s new proposal to protect the integrity of U.S. elections, the Protecting American Votes and Elections (PAVE) Act of 2019, takes a much needed step forward by requiring a return to paper ballots. The bill forcefully addresses a grave threat to American democracy—outdated election technologies used...

UPDATE February 9 2019: Victory! These bills did not make it out of committee. Experts agree: Internet voting would be an information security disaster. Unfortunately, the Commonwealth of Virginia is considering a pair of bills to experiment with online voting. Pilot programs will do nothing to contradict the...

Right now, the U.S. Senate is debating an issue that’s critical to our democratic future: secure elections. Hacking attacks were used to try to undermine the 2016 U.S. election, and in recent years, elections in Latin America and Ukraine were also subject to cyber attacks. It only makes sense to...

The Senate is working on a bill to secure election infrastructure against cybersecurity threats, but, unless amended, it will widely miss the mark. The current text of the Secure Elections Act1 omits the two most effective measures that could secure...

Election security experts concerned about voting machines are calling for an audit of ballots in the three states where the presidential election was very close: Michigan, Wisconsin and Pennsylvania. We agree. This is an important election safety measure and should happen in all elections, not just those that have...

Most of the internet’s most popular voter registration sites make no promise to not turn and sell your information to advertisers, a Vocativ analysis has found. Of the nine major voter registration sites surveyed, only vote.gov, maintained by the U.S. General Services Administration, explicitly promises to neither share...

“Honestly, the real answer is 'it depends.' Marking election systems as critical infrastructure might help us begin to make them more secure, but not necessarily. And federalizing election systems could make us less secure by creating fewer points of failure. But overall, [the Electronic Frontier Foundation] and our colleagues at...

Buenos Aires is currently in the middle of electing its mayor and city council. With a first round that took place on July 5th, and a second round due on July 19th, the election is the first time Argentina's capital city has used an electronic voting system called ...